however there's no way i believe that; a. blizzard sells anything at cost. and b. it costs $5 to make an authenticator...its plastic with a screen...its essentially a calculator minus the function. and you can get a cheap calculator for a dollar

What about the intellectual manpower that went into the creation of the authenticator? The usage rights for the algorithms that comprise its programming? Shipping? Labor? There's much more that goes into a product than simple material cost. I very much doubt Blizzard makes any significant profit off authenticators, or if they do profit then it's because they're selling it for a nice round number ($5) instead of at cost ($4.27 for instance, I don't actually know for sure).

theres no reason anyone should be charged for account security. it should definitely be included with a normal box purchase.

Blizz's many posts explaining how to secure your account are certainly offered free of charge. An authenticator does not make you hack-proof, nor does someone require an authenticator for their account to be secure. It's simply one extra layer out of many that you can choose to use. The other measures I mentioned above are certainly more important.

i totally forgot about shipping costs to blizz, i suppose that makes up for a lot of the price...as to its development? again, its plastic with a calc. screen.

Originally Posted by renegadeimp

They shouldnt do anything on the players side. The players should secure their own accounts. Biowares responsibility is for their servers.

It seems people have become too complacent in regards to authenticators. Developers issue them as a courtesy, not a necessity. Remember that.

no...the blizz developers brought them on as a necessity, as account hacking is a -huge- problem...i personally was hacked 4 times before they released the authenticator, and as far as i know, it was through no fault of my own. is there a chance i did something stupid? of course there is. but there was nothing i could do short of buying that authenticator to protect myself from another incident. Account security is definitely the responsibility of the company to its fullest extent. obviously they cant be responsible for people doing stupid things like people following links from spam e-mails, or downloading keyloggers, etc. but when it comes to a cheap product like this that highly increases security i believe it should be a complimentary service.

bottom line. most people wont play if their accounts are constantly being tampered with. and you obviously have to have a player base in order to support a game.

does that mean if (more like when) bioware releases an authenticator no one will pay for it? of course not

What about the intellectual manpower that went into the creation of the authenticator? The usage rights for the algorithms that comprise its programming? Shipping? Labor? There's much more that goes into a product than simple material cost. I very much doubt Blizzard makes any significant profit off authenticators, or if they do profit then it's because they're selling it for a nice round number ($5) instead of at cost ($4.27 for instance, I don't actually know for sure).

Blizz's many posts explaining how to secure your account are certainly offered free of charge. An authenticator does not make you hack-proof, nor does someone require an authenticator for their account to be secure. It's simply one extra layer out of many that you can choose to use. The other measures I mentioned above are certainly more important.

I have Never ever heard of someone being hacked with an authenticator applied to there account. I have been playing WoW ever since they came out with the things. As for expecting a online game to provide a service to keep there game free from hackers,scammers and other such annoying and game problems seems in the best interests of any company. I don't care how you wanna package it. But for gods sake provide it. But yea, would be simpler to add it to the cost of the game for convience sake. Having to make a another purchase just to secure a product you have already purchased is pretty short sighted.

I have Never ever heard of someone being hacked with an authenticator applied to there account. I have been playing WoW ever since they came out with the things.

It happens more than most people would care to admit. One of our guild officers, who had an authenticator but whose account had been inactive for months, was hacked and the hacker managed to take 90k from the guild bank in a matter of minutes (his daily withdraw limit was 250g). His account had not been reactivated but somehow they were able to log into his character anyway. With the right tools, getting past an authenticator is easier than people think. Heck, the authenticator algorithm was cracked within weeks of its release, allowing anyone with enough time stamps and authenticator codes (obtained through keylogging or MITM attacks) to calculate the serial number for the authenticator, basically rendering it useless.

It doesn't make you immune to being hacked, it's just one more layer of security. And again, the other methods of maintaining account security are arguably much more important, as most account compromises could have been prevented through proper security practices unrelated to authenticators.

however there's no way i believe that; a. blizzard sells anything at cost. and b. it costs $5 to make an authenticator...its plastic with a screen...its essentially a calculator minus the function. and you can get a cheap calculator for a dollar

As much as I agree Blizzard has become a money grubbing corporation of greed, they really do sell these at cost. Its much more than the keyfob to take into account but all the time and labor to get their security written for the authenticator as well as the cost of maintaining such a system.

The truth is it was costing Blizzard more in security issues than to sell the keyfob at cost.

It happens more than most people would care to admit. One of our guild officers, who had an authenticator but whose account had been inactive for months, was hacked and the hacker managed to take 90k from the guild bank in a matter of minutes (his daily withdraw limit was 250g). His account had not been reactivated but somehow they were able to log into his character anyway. With the right tools, getting past an authenticator is easier than people think. Heck, the authenticator algorithm was cracked within weeks of its release, allowing anyone with enough time stamps and authenticator codes (obtained through keylogging or MITM attacks) to calculate the serial number for the authenticator, basically rendering it useless.

It doesn't make you immune to being hacked, it's just one more layer of security. And again, the other methods of maintaining account security are arguably much more important, as most account compromises could have been prevented through proper security practices unrelated to authenticators.

Again he said she said. It seems the a company like Blizzard or EA or Bioware would have some sort of way of securing there product. I have never had my account hacked, and have never known anyone whom used the authenticators to be hacked, in all my years of wow., Is it impossible to be hacked no. Just very unlikely. But your missing the overall if all you can say is "Well I knew a guy who new a guy, who got hacked who had an authenticator." Bottom line is when you pay to play a game that you have time (and cash) as an investment, it is not unreasonable to expect that the people selling the game provide account security.

Did you consider perhaps that he took off his authenticator when he stopped playing, or lied about having one? And why was he still officer rank when he'd been offline for months? Maybe it wasn't a "hacker", perhaps it was the officer himself who logged on, then said later that he was hacked.

Not trying to being rude, and sorry if I came across as such. I just find it hard to believe someone was "hacked" with an authenticator. It's always "my friend" or "my guildie's friend knew this guy that", it's never "I got hacked even with an authenticator on my account".

This. Plus if the account was inactive (which means unsubscribed) you can't log on to the server period whether you're a hacker or not.

Again he said she said. It seems the a company like Blizzard or EA or Bioware would have some sort of way of securing there product. I have never had my account hacked, and have never known anyone whom used the authenticators to be hacked, in all my years of wow., Is it impossible to be hacked no. Just very unlikely. But your missing the overall if all you can say is "Well I knew a guy who new a guy, who got hacked who had an authenticator." Bottom line is when we pay to play a game that you have time as an investment, it is not unreasonable to expect that the people selling this game provide account security.

Don't get me wrong, I agree with you. Companies absolutely have a responsibility to make their digital service as secure as reasonably possible, including having the option for additional user security like authenticators. But most compromises are not due to lack of security on the part of the provider. They're a result of either: mismanagement of their personal information by the user (probably most common); lack of security practices on the user's part (antivirus, antispyware, strong passwords, etc); lack of security on the part of other websites or services whose systems were compromised and user information stolen (but this goes back to user security practices, using the same username/password for multiple services). In the end it's still the user's responsibility to make sure they're doing everything they can to protect themselves, because Bioware can only do so much.

---------- Post added 2011-10-18 at 03:01 PM ----------

Originally Posted by Shamburger

This. Plus if the account was inactive (which means unsubscribed) you can't log on to the server period whether you're a hacker or not.

That's why they're called "hackers". They can do things normal users can't. See where I said the daily cap for withdrawals was 250g but he withdrew 90k in one day. The money log was as such:
Player withdraws 250g. (1 day ago)
Player withdraws 250g. (1 day ago)
Player withdraws 250g. (1 day ago)
Etc until the bank was empty.

It happens more than most people would care to admit. One of our guild officers, who had an authenticator but whose account had been inactive for months, was hacked and the hacker managed to take 90k from the guild bank in a matter of minutes (his daily withdraw limit was 250g). His account had not been reactivated but somehow they were able to log into his character anyway. With the right tools, getting past an authenticator is easier than people think. Heck, the authenticator algorithm was cracked within weeks of its release, allowing anyone with enough time stamps and authenticator codes (obtained through keylogging or MITM attacks) to calculate the serial number for the authenticator, basically rendering it useless.

It doesn't make you immune to being hacked, it's just one more layer of security. And again, the other methods of maintaining account security are arguably much more important, as most account compromises could have been prevented through proper security practices unrelated to authenticators.

Why hack the guy with an aunthenticator when they can move on to an easy target? Hackers are lazier than you may imagine.

i totally forgot about shipping costs to blizz, i suppose that makes up for a lot of the price...as to its development? again, its plastic with a calc. screen.

no...the blizz developers brought them on as a necessity, as account hacking is a -huge- problem...i personally was hacked 4 times before they released the authenticator, and as far as i know, it was through no fault of my own. is there a chance i did something stupid? of course there is. but there was nothing i could do short of buying that authenticator to protect myself from another incident. Account security is definitely the responsibility of the company to its fullest extent. obviously they cant be responsible for people doing stupid things like people following links from spam e-mails, or downloading keyloggers, etc. but when it comes to a cheap product like this that highly increases security i believe it should be a complimentary service.

bottom line. most people wont play if their accounts are constantly being tampered with. and you obviously have to have a player base in order to support a game.

does that mean if (more like when) bioware releases an authenticator no one will pay for it? of course not

but that doesnt make it okay

No. Blizzard brought them in, because the vast majority of wow players are mentally deficient and lack the basic common sense to secure their own machine. Hell, a lot of them still believe in the "blizzard is hacked" conspiracy theory.

---------- Post added 2011-10-18 at 09:29 PM ----------

Originally Posted by GarGar

That's why they're called "hackers". They can do things normal users can't. See where I said the daily cap for withdrawals was 250g but he withdrew 90k in one day. The money log was as such:
Player withdraws 250g. (1 day ago)
Player withdraws 250g. (1 day ago)
Player withdraws 250g. (1 day ago)
Etc until the bank was empty.

Why hack the guy with an aunthenticator when they can move on to an easy target? Hackers are lazier than you may imagine.

Oh I do imagine they're always looking for the easiest targets. But in the case of my guildie they must have had some kind of in-depth information about the system, as they were able to log on while the account was inactive, bypass his authenticator, and take more than the daily limit in both gold and item withdraws. Could he by lying about account activity and the authenticator? Maybe, but if he was capable of compromising/exploiting Blizz's systems (knowing him for 3 years, he's not) to be able to withdraw more than the daily limit, Blizz would have found evidence it was him and wouldn't have given his account back.

I was "hacked" once myself, back before authenticators, and when I used the same username/password for other services (which is how I suspect they got my info). They transferred one of my characters to a different server by bypassing the normal transfer process. When I got my account back there was no record that a transfer had been initiated through the paid transfer service (and they only had it for 3 hours so a GM ticket for a transfer couldn't have been answered in that time), but there my character was, naked on a server I had never played on. So sometimes they do exploit genuine flaws in the system, but how they come across these magical powers is not for me to know.

And yeah, hackers/exploiters will always be a thorn in the side of developers of sensitive systems, whether gaming or banking or government contracting. All I can really do is protect myself the best way I know how. I'll leave the battle of wits up to the professionals and the troublemakers.

Oh I do imagine they're always looking for the easiest targets. But in the case of my guildie they must have had some kind of in-depth information about the system, as they were able to log on while the account was inactive, bypass his authenticator, and take more than the daily limit in both gold and item withdraws. Could he by lying about account activity and the authenticator? Maybe, but if he was capable of compromising/exploiting Blizz's systems (knowing him for 3 years, he's not) to be able to withdraw more than the daily limit, Blizz would have found evidence it was him and wouldn't have given his account back.

I was "hacked" once myself, back before authenticators, and when I used the same username/password for other services (which is how I suspect they got my info). They transferred one of my characters to a different server by bypassing the normal transfer process. When I got my account back there was no record that a transfer had been initiated through the paid transfer service (and they only had it for 3 hours so a GM ticket for a transfer couldn't have been answered in that time), but there my character was, naked on a server I had never played on. So sometimes they do exploit genuine flaws in the system, but how they come across these magical powers is not for me to know.

And yeah, hackers/exploiters will always be a thorn in the side of developers of sensitive systems, whether gaming or banking or government contracting. All I can really do is protect myself the best way I know how. I'll leave the battle of wits up to the professionals and the troublemakers.

If people noticed in the last couple of weeks, folks were asked to also make some Security Q&As for their account. I haven't seen them be used when logging into the SWTOR website but I assume they are for account verification in case of theft and such.
With the Authenticator, a strong password, being smart with PC security, you shouldn't have any troubles with your account.